Firefox cross-site scripting issue
After blocking the above issue I had another finding and decided to block the <xss tag with

    if (ContainsText(AParam, '<xss')) then
      AllowIt := False;

Doing this stops the following:

I guess it should be added to the list of things to block by default so I am posting it here?
I am adding to this thread so everyone has the final update.

Since there is a large list of the cross site scripting (see that "according to the testing company" can be used against a website through parameters, I ended up blocking all of the parameters by the servercontroller->OnParseParameter. I then wrote code to handle the params that I did want to allow.

This passed the security audit checks so I am moving on.
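
The deny-by-default handling described in the post above could look like the following sketch. It is an added example, not the poster's code: the parameter names (`page`, `sort`, `ref`), their rules and the function `IsAllowedParam` are hypothetical, and the function is kept standalone because the thread does not show the event's signature. Its result is what would be assigned to `AllowIt`.

```delphi
program ParamAllowList;
{$APPTYPE CONSOLE}

uses
  System.SysUtils, System.RegularExpressions;

// Hypothetical allowlist: every parameter name and rule below is an
// assumption for illustration; replace them with the application's own.
// Returns True only for a known parameter whose value matches its rule.
function IsAllowedParam(const AName, AValue: string): Boolean;
var
  N: Integer;
begin
  Result := False; // deny by default: unknown names never pass
  if SameText(AName, 'page') then
    // digits only, then a range check on the parsed number
    Result := TRegEx.IsMatch(AValue, '\A[0-9]{1,4}\z') and
              TryStrToInt(AValue, N) and (N >= 1) and (N <= 500)
  else if SameText(AName, 'sort') then
    // closed set of accepted values
    Result := (AValue = 'name') or (AValue = 'date')
  else if SameText(AName, 'ref') then
    // short identifier; \A and \z anchor the whole value, so a
    // trailing newline cannot slip past the pattern
    Result := TRegEx.IsMatch(AValue, '\A[A-Za-z0-9_-]{1,32}\z');
end;

// Prints the decision for one constructed name/value pair.
procedure Check(const AName, AValue: string);
begin
  Writeln(Format('%-6s %-8s -> %s',
    [AName, AValue, BoolToStr(IsAllowedParam(AName, AValue), True)]));
end;

begin
  // Constructed sample inputs, not taken from the audit report.
  Check('page', '12');    // known name, value in range
  Check('page', '9999');  // known name, value out of range
  Check('sort', 'date');  // known name, value in the closed set
  Check('ref', '<xss');   // known name, value fails the pattern
  Check('debug', '1');    // unknown name
end.
```

Because each value is checked against what the parameter is allowed to contain, markup such as `<xss` is rejected without being listed anywhere, which is the difference from adding one `ContainsText` test per finding.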
